libarchive (3.6.2-1)
[PTS] [DDPO]
OK: VCS matches the version in the archive
- Git: https://salsa.debian.org/debian/libarchive.git
-
- Branch: master
- Path: debian/changelog
- Repo size: 85270528
- Browser: https://salsa.debian.org/debian/libarchive
- Last scan: 2023-09-24 09:58:11+00
- Next scan: 2023-10-02 13:14:00+00
- Merge requests: 1
- CI pipeline status: success
- Debian changelog in Git:
libarchive (3.6.2-1) unstable; urgency=medium
[ Debian Janitor ]
* Set upstream metadata fields: Bug-Database.
* Update standards version to 4.6.0, no changes needed.
[ Peter Pentchev ]
* Declare compliance with Policy 4.6.2 with no changes.
* Fix the licensing of the blake2-related files.
Closes: #1023392
* New upstream version:
- fix a ZIP read vulnerability (CVE-2022-28066)
Closes: #1008953
- fix a memory allocation vulnerability (CVE-2022-36227)
Closes: #1024669
- refresh the typos patch
- remove a lot of libarchive internal functions from the shared
library's symbols file. These functions were never present in
any of the public-facing libarchive header files, so they should
not be referenced by any libarchive consumers. In version 3.6.2,
libarchive switched to a "hide internal symbols" policy, so that
these symbols are now not present in the shipped shared library.
- drop the optional internal symbols regular expressions, too;
now that libarchive hides its internal symbols, the appearance of
any names like that in the generated symbols file would be a bug
- add the iconv-pkgconfig patch to drop the reference to "iconv"
from the .pc file: on Debian systems, iconv(3) is part of glibc
-- Peter Pentchev <roam@debian.org> Sat, 24 Dec 2022 23:17:29 +0200
- This branch is even with tag debian/3.6.2-1